网络安全审查中的透明性研究

Research on Transparency in Cyber Security Review

随着社会进入开放、动态、复杂和多变的网络化信息服务时代,国家对网络信息技术产品提出了安全可控的要求。首先,围绕网络产品和服务安全审查办法中的透明性要求,阐述了透明性的定义以及面向组织、用户和国家的透明性需求;其次,按照透明性目标和透明性审查内容,分别从特性、子特性层次和度量属性层次给出了透明性审查模型;最后,以数据库产品为例,介绍了将该透明性模型具化为审查指标体系的步骤,以期为其他网络产品和服务审查指标体系的形成提供思路。

As society enters an era of open,dynamic,complex and ever-changing network information services,the state puts forward the requirement of safety and controllability for Internet information technology products.Firstly,according to the requirement of transparency in network product and service security review,the definition of transparency and transparency needs for organizations,users and countries are expounded.Secondly,transparency review model is given in terms of transparency goal and transparency review,respectively,from the characteristics,sub characteristics and measurement attributes.Finally,taking the database product as an example,the steps of transforming the transparency model into a review index system are described,so as to provide ideas for the formation of other network product and service review index systems.